PT-2010-1458 · Accellion · Accellion Secure File Transfer Appliance
Published: 2010-02-19 · Updated: 2017-08-17
CVE-2009-4648
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Accellion Secure File Transfer Appliance versions prior to 8_0_105
Description
The issue allows local administrators to gain privileges due to improper restriction of access to sensitive commands and arguments that run with extra sudo privileges. This can be achieved through arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in chmod or a certain cp command.
Recommendations
For Accellion Secure File Transfer Appliance versions prior to 8_0_105, update to version 8_0_105 or later to resolve the issue. As a temporary workaround, consider restricting access to the /usr/local/bin/admin.pl script and limiting the use of chmod and cp commands to minimize the risk of exploitation.
Exploit
Fix
Affected Products
Accellion Secure File Transfer Appliance